Akeyless SCP
Akeyless SCP enables secure copy via Secure Remote Access Bastion.
Note:
Akeyless SCP currently supports only UNIX-like OS.
Prerequisite
- Akeyless Secure Remote Access Bastion.
- OpenSSH V7.3 or higher on target servers.
Usage
- Download Akeyless SCP script:
curl -o akeyless-scp https://download.akeyless.io/Akeyless_Artifacts/Linux/SSH/akeyless-scp
chmod +x akeyless-scp
mv akeyless-scp /usr/local/bin
- Create your ~/.akeyless-sphere.rc:
# ---------------------------------------------------------------------
# Copyright © 2021 Akeyless Security LTD.
#
# All rights reserved
# ----------------------------------------------------------------------
#
# This file is a user-specific configuration file for akeyless-sphere Zero Trust Access
# it should be located in user home directory named .akeyless-sphere.rc
#
# identity_file - the path to the ssh-key to be signed and used for Zero Trust session (if empty, default ssh-key is used)
identity_file=""
# cert_issuer_name - full path to the Akeyless SSH Cert Issuer to use for Zero Trust session
cert_issuer_name=""
# profile - Akeyless CLI profile to be used
profile="default"
# Akeyless CLI binary (if needed)
AKEYLESS_CLI=akeyless
# AKEYLESS_API_GW - URL for Akeyless API Gateway (RestAPI)
AKEYLESS_API_GW=""
# Following are used for control service, to configure the temporary session:
# ${BASTION_API_PROTO_}://"${BASTION_API_PREFIX_}${JB_SRV_}${BASTION_API_PATH_}":"${BASTION_API_PORT_}
#
BASTION_API_PREFIX_=""
BASTION_API_PATH_=""
BASTION_API_PROTO_=http
BASTION_API_PORT_=9900
# Allow caching of temp session creds
SESSION_CACHING=no
# Display connection stages
DISPLAY_STAGES=yes
# Use SSH Agent to store user's identity keys.
USE_SSH_AGENT=yes
Where:
- cert_issuer_name - Full path to the Akeyless SSH Cert Issuer.
- AKEYLESS_API_GW - URL of the Akeyless Gateway RestAPI endpoint.
- Use the akeyless-scp command to perform a secure copy to a remote target server via the Akeyless Secure Remote Access Bastion:
Full options list:
Usage: /usr/local/bin/akeyless-scp <[email protected][:port]> via <jumpbox-server[:port]> [options]
optional arguments:
--cert-issuer-name Akeyless certificate issuer name [mandatory]
--local-file File to copy [mandatory]
--remote-file File to copy [default is '~/']
--direction upload/download [default is 'upload']
--profile Use a specific profile from your Akeyless CLI
-i Selects a file from which the identity (private key) for public key authentication is read [default is '~/.ssh/id_rsa']
--ssh-extra-args Use to add offical SSH arguments (except -i)
For example, this command copies a local file to a remote server:
akeyless-scp [email protected] via <sra-bastion-ssh-service> --local-file /full/local/location/file --remote-file /remote/location/file
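A preflight check for the ~/.akeyless-sphere.rc file created above, as an added example that is not part of the Akeyless documentation or tooling. It reads the file as text instead of sourcing it and reports settings worth reviewing before a session; the sample config and issuer path are constructed, and the function names rc_get and rc_lint are hypothetical.

```shell
#!/bin/sh
# Added example (not Akeyless code): advisory lint for ~/.akeyless-sphere.rc.
# The file is read as text, never sourced, so nothing in it is executed.

# rc_get FILE KEY: print the value of the last KEY=... line, outer quotes removed.
rc_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# rc_lint FILE: print one finding per line; return 1 if there were any.
rc_lint() {
    f=$1 rc=0
    warn() { echo "$f: $1"; rc=1; }
    [ -n "$(rc_get "$f" cert_issuer_name)" ] ||
        warn "cert_issuer_name is empty (the cert issuer is mandatory)"
    case $(rc_get "$f" AKEYLESS_API_GW) in
        http://*) warn "AKEYLESS_API_GW uses cleartext http://" ;;
    esac
    [ "$(rc_get "$f" BASTION_API_PROTO_)" != http ] ||
        warn "BASTION_API_PROTO_=http: session setup calls to the bastion are unencrypted"
    [ "$(rc_get "$f" SESSION_CACHING)" != yes ] ||
        warn "SESSION_CACHING=yes: temporary session credentials are cached"
    # A group- or world-writable config lets another local user change
    # the gateway or bastion settings.
    [ -z "$(find "$f" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] ||
        warn "file is group- or world-writable"
    return $rc
}

# Constructed sample: a subset of the page's template with only the issuer
# filled in (the issuer path is a made-up value).
sample=$(mktemp) && chmod 600 "$sample"
cat > "$sample" <<'EOF'
cert_issuer_name="/example/ssh-cert-issuer"
AKEYLESS_API_GW=""
BASTION_API_PROTO_=http
SESSION_CACHING=no
EOF
rc_lint "$sample" || echo "review the findings above before using akeyless-scp"
```

To check a real config, call `rc_lint "$HOME/.akeyless-sphere.rc"`; the findings are advisory and the function changes nothing.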
Updated 7 months ago